• 🛡 Security Professional with 4 years of experience & AI Red Teamer | Specialized in WebApp Pentesting, AI Security and Network Security Research, and Pentesting Tools & Exploits Development
• 🚀 Startup Founder & CTO | Leading security & development at Voyxa, an AI-powered B2B SaaS Voice AI Company, providing Helpdesk and Technical Support solutions to enterprises
• 🔬 Cybersecurity Researcher | Investigating Prompt Injection Attacks, AI Exploit Development, Network Security, and Advanced Threat Analysis
• 💡 Tech Mentor & Educator | Active mentor at SecurityCert, Italy’s largest cybersecurity community for professionals and companies
• 🎯 Open-Source Contributor | Developing and maintaining Pentesting Tools, AI Security Solutions, and Automation in System Engineering
• 👾 Continuous Learner | Advancing skills in LLM Security, Advanced Exploit Development, PowerShell Pentesting, and Network Security

Hey there! I'm Tommaso Bona, a Security Professional, Ethical Hacker, and AI Red Teamer from Italy. My expertise lies in offensive security, AI adversarial and Network Security research, Exploits/Tools Development and Penetration Testing.

I am dedicated to securing AI systems, identifying vulnerabilities in web applications and networks, and developing advanced security tools. My contributions focus on:

• AI Red Teaming & LLM Security Auditing – Developing automated LLM security assessments and adversarial AI testing methodologies
• Exploit & Malware Development – Crafting custom exploits, keyloggers, and evasion techniques for security testing
• Web & Network Pentesting – Conducting offensive security assessments on applications and infrastructure
• Prompt Injection & AI Security Research – Analyzing LLM vulnerabilities and adversarial ML techniques
• Mentoring & Cybersecurity Education – Supporting the SecurityCert community and contributing to cybersecurity training initiatives

At Voyxa, I lead the development and delivery of our AI-driven solution, ensuring the highest security and compliance standards while managing a team of engineers and researchers.

🔹 AI Red Teaming | Adversarial AI Security, LLM Prompt Injection, Model Extraction
🔹 WebApp & Network Pentesting | Exploit Development, Vulnerability Assessments, Threat Simulation
🔹 Scripting & Development | Custom Advanced Payloads and Pentesting tools Development for Windows/Linux
🔹 Threat Hunting & Forensics | SIEM/XDR Monitoring, CVE Mitigation, Malware Analysis

• Web & Network Pentesting | Tools like SQLmap, Metasploit, Nmap, Wireshark, Recon-ng (but mostly i develop my own tools)
• Exploit Development & Reverse Engineering | Custom Windows/Linux Exploits, Payload Development, Shellcode Injection
• Malware Analysis & Evasion Techniques | Keyloggers, Reverse Shells, Obfuscation & AV Evasion
• AI Security & Adversarial Attacks | LLM Red Teaming, OpenAI API Exploitation, Model Extraction & Manipulation
• Digital Forensics & Threat Hunting | SIEM/XDR (Darktrace, ESET), IOC Analysis (Redline, Mandiant IOCEditor)
• OSINT & Dark Web Operations | Intelligence Gathering, Threat Actor Tracking, Anonymity Techniques

• LLM Security Auditing Tools | Custom AI Exploit Development
• AI Offensive Automations | Secure AI API Testing in Python
• Adversarial ML | Prompt Manipulation, AI Attack Simulations

• AWS Security & IAM | Infrastructure Hardening
• Active Directory & WatchGuard Firewall Configuration
• Network Monitoring: ESET Protect, Checkmk, CoreMon Observium

• ISC2 Certified in Cybersecurity (CC)
• Fortinet Certified Associate in Cybersecurity – Fortinet
• Blue Team Junior Analyst (BTJA) – Security Blue Team
• Cybersecurity Roles, Processes and Operating System Security – IBM
• ESET Managed Cloud Security Specialist
• ESET Managed Client Security Specialist
• D|FE, N|DE & E|HE – EC-Council
• Practical Cyber Threat Intelligence – EC-Council
• Authentication and Authorization with AWS Identity and Access Management – AWS